W M U G NL

WMUG Meeting #2 - DeploymentAPPLICATION DEPLOYMENT ACROSS SEVERAL DEVICES WITH SYSTEM CENTER 2012 CONFIGURATION MANAGER

Our Sponsors

Agenda

Introduction

Microsoft’s Cross Plaform Architecture

Enrollment

Deployment Types for Mobile Applications

Settings Management

Introduction

Who we are

Kenneth van Surksum

Consultant at itgration

Microsoft MVP for 3 yrs, vExpert for 2 yrs

Author:◦ Contributor System Center 2012 Configuration Manager Unleashed◦ Contributor System Center 2012 R2 Configuration Manager Unleashed◦ Contributor System Center 2012 R2 Service Manager Unleashed◦ Co-Author Mastering Windows 7 Deployment

Communities:◦ Co-founder WMUG NL (http://wmug.nl)◦ Founder and Blogger www.vansurksum.com◦ Chief Editor at virtualization.info en cloudcomputing.info

Speaker:◦ Microsoft Techdays◦ Microsoft Management Summit

Follow me: @kennethvs / www.vansurksum.com

Who we are

Peter Daalmans

Senior Technical Consultant at IT-Concern

3 year Microsoft MVP: Enterprise Client Management (ConfigMgr and Windows Intune)

Author:◦ Mastering System Center 2012 Configuration Manager◦ Mastering System Center 2012 R2 Configuration Manager

Communities:◦ Co-founder WMUG NL (http://wmug.nl)◦ Founder and Blogger ConfigMgrBlog.com

Speaker:◦ Spoke on several events like TechDays Netherlands, ExpertsLive,

User Group meetings, TechEd New Zealand and TechEd Australia.

Follow me: @pdaalmans / ConfigMgrBlog.com / peter.daalmans@it-concern.nl

Cross platform support

Microsoft’s cross-platform management

Microsoft’s cross-platform Architecture

Mac OS X

Windows PCs(x86/64, Intel SoC),

Windows to GoWindows Embedded

Windows RT, Windows Phone 8

iOS, Android

Microsoft Exchange Server 2010 SP3Microsoft Exchange Server 2013

orOffice 365

Windows Intune & ConfigMgr 2012 R2

Infrastructural requirements:Windows Intune subscription

Windows Azure Active Directory Sync tool (DirSync)

Windows Intune Connector site role

Single Sign On

Two options: Via Windows Azure Active Directory Sync tool (DirSync)Passwords need to be synced to Azure Active Directory

Authentication is done on Azure Active Directory

DirSync and Active Directory Federation ServicesNo passwords are saved in the cloud

Authentication happens on your Active Directory

Not supported but you can configure DirSync what to synchronize.

How does ADFS work?

AFDS Proxy ADFS / DC

Windows Azure Active Directory Sync toolwithout password sync

1. User goes to Windows Intuneportal.manage.microsoft.com

2. User is redirected to ADFS Proxy

3. User provides AD credentials

4. Credentials areverified

5. User receives security token

6. User presents security token and gets access (or not)

DMZ

Active Directory1. User goes to Windows Intune

portal.manage.microsoft.com

2. User is redirected to ADFS Proxy

3. User provides AD credentials

4. Credentials areverified

5. User receives security token

Setting up Windows Intune

1. Go to http://www.windowsintune.com and sign up for a trial

2. Setup Domain Name in Windows Intune

3. Setup UPN in your Active Directory (if different from domain name in Windows Intune)

4. Setup DirSync

5. Setup ADFS / ADFS Proxy

6. Activate Users in Windows Intune Portal (https://account.manage.microsoft.com/)

7. Install and configure Windows Intune Connector in Configuration Manager 2012 R2

DemoWINDOWS INTUNE AND CONFIGMGR TOGETHER

How does ConfigMgr keep up with Windows Intune and the market?

Updates of Windows Intune are done quarterly

Via the Extensions for Windows Intune Microsoft is able to add Windows Intune features to Configuration Manager 2012 R2

Recently added: Email Profiles Extension (Configure and wipe Exchange ActiveSync accounts on

managed iOS and Windows Phone 8 devices.)

iOS 7 Security Settings (Adds functionality for iOS 7 security settings such as “Open In” and lock screen settings.)

DemoEXTENSIONS FOR WINDOWS INTUNE

Mobile Device Enrollment

Enrollment is done by the users themselves

Enrollment can be done from the Company Portal for◦ Android

◦ iPhone / iPad

Enrollement via build in OMA-DM agent ◦ Windows RT

◦ Windows Phone

DemoENROLLMENT ANDROID & IPAD

End User Experience

Native Windows app package (.appx)

Available in the Windows Store

Windows Phone 8 Company Portal

iOS/Android Company Portal

Native Windows Phone 8 app (.xap)

Needs to be sideloaded

Web based portal Hosted in Windows Intune

Windows RTCompany Portal

Deployment Types for Mobile Applications

Platforms Windows App Windows Phone Apple iOS

Android

Application install (sideloading)

*.appx *.xap *.ipa *.apk

Deep links from store

Windows Store Windows Phone Store

Apple App Store Google Play

Deeplinking Applications

DeeplinkingProviding direct links to the application in the Application StoreWindows Store

Windows Phone Store

Apple Store

Google Play

DemoDEEPLINKING MOBILE APPLICATIONS

Sideloading

SideloadingIn house/company custom developed applicationsRequires development tools/licenseMicrosoft: Visual Studio

Apple: Xcode

Google: Android Developer Tools plugin for Eclipse

Testing Sideloaded Applications

Testing ApplicationsGoogle: Just enable installation on a per device basis

Apple: UUID of device must be registred to developer (100 max/year) - http://developer.apple.com/programs/ios/enterprise

Microsoft: Domain Joined Machines via GPO and a Certificate

Microsoft Phone: Emulator for Windows Phone 8/Windows Intune Trial Management for Windows Phone 8

Installing Sideloaded Applications

Microsoft: Domain Joined (GPO/Certificate) or non domain joined or specific editions (Pro) then sideloading key (per 100)

Microsoft (Phone): Code signing using Verisign Certificate(http://www.symantec.com/verisign/code-signing/windows-phone)

Google: Just install

Apple: Encrypted file must be authorized (uses Apple FairplayDRM)

DemoSIDELOADING MOBILE APPLICATIONS

Web Applications

Deploy a link to a website, just like an application

Settings Management

Settings Management

Retire/Wipe devices